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A copyright protection scheme is provi-Jed in which data is 
downloaded from a server (1). typically over the World Wide Web 
(2) to a client (3), for presentation to a user. The downloaded 
data is cryptographically protected, by encryption and hashing. 
When displayed by the client, storing and copying functions are 
selectively disabled in respect of the data, in order to prevent 
unauthorised copying. 
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Copy Protection of Data 

Field of the invention ' 

This invention relates to protecting data against copying and has panlcular 
5 application to protecting data transmitted through a network, such as 
hypermedia transmitted over a web-based network. 

Background 

It is known that data in the form of hypermedia such as hypertext, is often 
JO written in the hypertext language HTML and arranged in webpages that are 
provided by a server connected through a network to a client. The client 
may comprise a personal computer or other processing device capable of 
presenting the data retrieved from the server to a user. The network may 
comprise a local area network (LAN), a wide area network (WAN) or may 
n comprise the Internet. For example, the World Wide Web comprises many 
.v.rvc;v con::;:ci over -he I^rcrncr u: -i T/cb. "•.hich h:ivc :vddrc5se^ jn ;:hc 
A c r m «' • \ : n . . -^ i yzcc v. rce 1 o ' - o rs ( sJ Kj -} . 

The hypertext information is arranged in webpages which include hotspots to 
70 allow the user to establish a link to another webpage, which may be located 
on the same or a different server, the routing to the document being achieved 
by use of a URL in the webpage at the hotspot. 

Web clients typically access the hypermedia information using a browser. An 
2; overview of the World Wide Web and HTML is given in Chapter 1 of 

"HTML 3.2 and CGI Unleashed" J. December and M. Ginsberg 1996 (ISBN 1- 
5752M77-7),' 

As well known in the an, HTML webpages can display text, graphics and 
30 files of other descriptions such as video images, animated graphics and audio 
samples. Hypermedia have the significant advantage that the client can 
rapidly transfer viewing from one document to another by using a mouse to 
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click on hoispots in the document, permitting the user^o transfer from one 
web site to another, which may be at different physical iocations. 

The individual works which arc displayed on the HTT^L pages may be 
3 copyright works. Because of the ease with which the copyright work may be 
viewed, transmitted and copied on the web, it is difficult fol- a copyright 
owner to enforce its copyright. For example, when a graphics file has been 
downloaded to a client, it may be readily copied onto the hard disc of a 
client's computer and replicated many times digitally, with no significant 
JO degradation from copy to copy. 

Summary of the invention 

With a view to overcoming this problem, the invention provides a method of 
copy protecting data sent from a server to a client for presentation to a user, 
23 comprising: cryptographlcally protecting the data; sending the 

cryptcgraphicnlly pror-cixd data to the iiHcnt:: and selectively conti'^Hini^ 

held by i.ne client i-i u ^vi^n suitable -or presentation ^-he user. 

20 The data may be crypt ographically proieaed by encryption and/or by an 
integrity checking procedure such as hashing. 

More specifically, the method according to the invention may include 
downloading a program objea to the client, running the program object on 

75 the client such that a request is uploaded to the server for a file containing the 
cryptograph ically protened data, downloading the file to <he client, and 
rendering the cr}'pi ographically protened data in an unproieaed form suitable 
for presentation to the user, the program objea being operative such that no, 
or restriaed, copy or save funaions are offered to the user in respea- of the 

3D downloaded data in its unprotected form. 

The invention has panicular but not exclusive application to downloading 
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data over a network such as the World Wide Web, but is also applicable to 
LANs, WANs and to distribution of data using long term storage media such 
as 3.5" floppy discs or CD-ROM based technology. \ 

5 The method of the invention may be used with a conventional browser. 

A message concerning a webpage may be downloaded from the server to the 
chent, the message including information concerning the program objea, such 
that a request is then uploaded to the server in response to the message, in 
20 order to retrieve the program object. The webpage may be wriuen in HTML 
code. The program object may comprise a Java applet although the invention 
envisages the use of other program objects such as Aaive X or OLE. 

As a result of processing a Java applet, the usual copy arid save functions will 
7^ not be presented to the user, thereby providing security in respect of the 

vuiprctected J?ra presented lo the user. 

ihe data prf:::c, ' d may ani^urise text, graphics, pictures, audio or any othci- 
suitable form. 

20 

The program objea may include data concerning a cryptographic key, which 
can then be used to render the downloaded cryptographicaJly protected data 
mto an unproteaed form suitable for presentation to the user. 

25 An authentication procedure may be employed to ensure that the 

cryptographicaJly proieaed data is only downloaded to an authenticated 
chent. The authentication process, may be performed by reference to a 
payment scheme, to enable a royalty to be colleaed in respea of the 
downloaded, cryptographically proteaed data. 

It will be understood that no copy protection scheme can ever be completely 
successful, because when data is presented to users, they will have the 
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opppnunity lo copy it. However in accordance with the invention the effort 
required to break the protection scheme provided by the inventive method 
may be significantly greater than the payment of a monetary sum to permit 
use of the protected data, thereby reducing the risk to the owner of the data 
5 releasing it through the World Wide Web or other open access networks. 

The downloaded data may be steganographically marked, for example with a 
digital watermark. When the identity of the client is known, the watermark 
may include the client identity, in order to provide additional security in the 
20 event that fraudulent copies are made by the user. 

The invention also includes a server configured to perform the inventive 
method. 

J5 The invention furthermore includes a method of downloading enciypted data 
from a sc:vr;r ro ■?. cHenr. including; rcp:isr?*n;:?^ the cHe>it: rAxh rli-^ sr^vrr hy 
drv^rnx:/-^ li j-=r. Line iJentifier oi rh- c^em ^-.iv:-iy ii:; hard^^^m 
and/or lu : .>.Tware configiiration, transmitting the machine identifier to the 
server, combining the transmitted machine identifier with a cryptographic key 

20 to form a unique determinator for the client, and transmitting the unique 
determinator to the client, to be stored therein for use subsequently in 
identifying the client to the server, to permit encrypted data to be 
downloaded thereto from the server; subsequently identifying the chent to the 
server on the basis of the unique determinator; and then downloading data 
25 encrypted by means of the cryptographic key to the identified client, for 
decr^'piion by the client using the key from the unique determinator. 

The downloaded data can be decrypted at the client using the key from the 
unique determinator. 

JO ' 

The client may be identified to the ser\'er by again determining the machine 
identifier for the client, comparing it with the machine identifier included in 
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said unique deierminaior, and signalling lo the server on the basis of the 
outcome of the comparison. 

I 

The client may be auihenicated by the server prior to downloading the 
3 encrypted daia.This may be carried out by generating a challenge, generating a 
response as a predetermined cryptographic funaion of the cryptographic key 
for the client as held by the server, and as a function of the key included in 
the unique determinator stored in the client, and authenticating the client on 
the basis of the outcome of the comparison. 

iO 

Brief description of the drawings 

In order that the invention may be more fully understood an example will 
now be descnbed with reference to the accompanying drawings, in which: 
Figure 1 is a schematic illustration of a conventional client and server 
73 connected through the World Wide Web; 

Fig^src 2 is a ^chematic i]lu:.irri.icn of - co:iv::nrional di:;niay provided hy a 

Figure 3 is a schematic iliLiCir^iion of a web server 1 connected to a client 3 
through the World Wide Web 2, in accordance with the i/, vention; 
20 Figure 4 is a schematic illustration of the display of a web browser in 
accordance with the invention; 

Figure 5 is a schematic illustration of data flows between the client and server 
in accordance with an example of the invention; 

Figure 6 is a schematic flow diagram associated with step SIO of Figure 5; 

2} 

Figure 7 is a schematic illustration of the BT copyright (BTC) file structure; 
Figure 8 is a»flow chart showing in detail the aaions carried out during the 
wrapping step 10.5 of Figure 6; 

Figure 9 is a schematic flow diagram associated with step S12 of Figure 5; 
3D Figure 10 is a schematic illustration of data flows associated with a procedure 
for registering a client with the server; and 

Figure 11 is a schematic illustration of authentication, subsequent to 
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registration according to Figure 10, corresponding lo step S9 of Figure 5. 
Detailed description 

An example of the invention will now be described in relation to the World 
5 Wide Web (WWW). As is well known, a page of information on a web 
server is identified on the web by means of an individual I)RL so that it can 
be accessed by a browser running on a client computer, deferring to Figure 
1, a web server 1 is connected through the World Wide Web 2, to a client 
computer in the form of a PC 3. HTML webpages can be downloaded to the 
10 client computer 3 from the web server 1, to be displayed to the user of xhe 
client computer 3. The HTML document may include links to other HTML 
pages on the same or a different web server, in a manner well known per 5c. 
The HTML webpages may also include embedded objects such as graphics, 
images and the like. 

The c'-cnt 5 nins- a browser which lecf^ivos rhc: HTML dec^iment:/? ivov.x the 

e>orr:j. i,-^ ihe browser in Java aware i.e. can interpret Java "bytecodes received 
from the server. More particularly, as known in xuc art, when the HTML 

70 document includes a so-called Java applet tag, the server downloads a 

corresponding applet, consisting of Java bytecodes, which are inteipreted and 
run by the browser. Typically, the downloaded Java applet allows 
imeraaivity between the user of the computer 3 and the displayed image. For 
further information, reference is direaed to "HTML 3.2 and CGI Unleashed", 

75 suproy Chapter 18. 

An example of the screen display of an HTML webpage is shown in Figure 2. 
The display is provided within a window 4 presented by the browser. 
Examples of a suitable browser are the Microsoft Internet Explorer 3-. 1 and 
30 the Netscape js^avigator. The browser includes a number of conventional 
controls which are operated by clicking on a mouse, in the -usual way. For 
example, the browser includes a print button 5 which allows a screen prim to 
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be produced of ihe entire page shown within the browser window 4. Also, 
the browser includes a control, shown schematically at 6, with a drop-down 
menu option "view source", which allows a display to be provided of the 
aaual HTML code which is being run. 



A page 7 is shown wiihin the window 4 of the browser. The page is defined 
by a sequence of lines of HTML code which specify the text and layout 
provided on the page. Also, the code specifies areas which receive graphical, 
image data or other data that is downloaded in separate files which have a 

10 predetermined tag. In this example a graphics file with a tag "gif" is displayed. 
The HTML code causes the gif file to be displayed within the pre-defined area 
of the page. Thus, in the page 7, the gif file is displayed in region 8 defined by 
the downloaded HTML code. An example of the code for the gif file is 

- shown in Code Extraa No. 1, below. 

7; 

Cede Extract No. 1 

CE1.I <^:T^•^^.-- 
CE1.2 

CE1.3 <HEAD><TITLE>CGni, :.?.ny X's Home-rc--- ' nTLE></HEAC> 
2c CE1.4 

CE1.6 <BODY> 

CE1.6 Welcome to Company X's Homepage 
CE1.7 

CE1.8 <IMG ALIGN=middle SRC="a_graphic.gir><P> 
75 CE1.9 

CE1.10 <A HREF="another.htmr>link to another web paae</A> 

CE1.11 </BODY> 

CE1.12 

CE1.13 </HTML> 

30 

If the user chcks the computer's mouse in the area of the displayed image 8, 
usmg the right mouse button, a drop-down menu 9 is displayed which gives 
ihe user options including "save", to save the digital data corresponding to the 
gif file to the computer's hard disc or to some other storage location, and also 
the option to print, using a printer conneaed to the computer 3 <noi shown). 
Thus, the user of computer 3 can make a copy of the digital data which 
comprises the graphics displayed in region 8 and the data can then be 
forwarded to other locations in an unrestrlaed manner. Because the data is 
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recorded in digital form, it can be replicated many times without degradation 
of image quality. 

Also, the entire page 7, including the graphics display 8, can be printed usinjg 
5 the browser print button 5. However, the printed image quality can only at 
best be of that displayed on the screen of the computer. The printed image 
will be in the analogue domain so any processes that return the image to the 
digital domain will only further reduce the quality. 

20 The displayed HTML page 7 also includes a hotspot 10. When the 

computer's mouse is clicked on the hotspot, a link is established to another 
webpage, which is then displayed within the window 4. The HTML code 
associated with the hotspot 10 includes a URL in order to establish the link to 
another webpage, in a manner well known per sc. 

As is well known in the art. HTr-4I rode can also include a Java applet. This 

czK- h -t iocaliy, within the b;o ■ 4. An applet is specified in HTML by 
a code tig - applet as will be described hereinafter. When the HTML 

70 interpreter in the browser encounters such a tag in a webpage, it refers back 
to the web server, which then downloads Java bytecodes to the browser. 
Typically, applets are used to display animated graphic symbols in a webpage, 
although many other applications can be provided, as well known to those 
skilled in the art. The location and size of the applet display is determines! by 

75 instructions in lines of the HTML code. 

If the user clicks the right mouse button on the data displayed by running the 
applet, no drop-down menu is provided corresponding to the menu 9 shown 
in Figure 2. The user can use the view-source button 6 to display the lines of 
JO code which make up the HTML page being displayed, but this does not ^^reveal 
the data that is displayed when the applet is run by the browser. The Java 
interpreter can display gif files when running an applet, within the applet. 
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although normally, gif files are downloaded directly into the webpage because 
it is not normally necessary to process them in terms of Java^bytecodes. 

The present invention provides a method by which data can be downloaded 
s to the webpage in a secure manner, and cannot be saved or copied whilst 
being displayed without significant fraudulent effort. 

An example of a downloading process in accordance with the invention will 
now be described in more detail with reference to Figures 3, 4 and 5. In this 
/0 example, a webpage containing copyright protected image data is downloaded 
from the server 1 to client computer 3 through the World Wide Web 2. The 
resulting display in the browser 4 is shown in Figure 4 and the processing 
steps are shown in more detail in Figure 5. 

n At step Si the client 3 uploads a request to the server 1 for details of a 

proioccl (H'a ir) pu^;o rcq^-- -.. The server tncn, -^i sztiij Si, )ierr oi^v:-- 
constructs it "on the fly" and downloads the HTML code corresponding to 
the page, to the client 3 through the World Wide Web (WWW) 2. In the 

20 usual way, the HTML code includes references for images, graphics, sound 

bytes and the like and in response to such codes* the server will upload HTTP 
requests for corresponding files to be displayed in the webpage. For example, 
referring to the webpage 7 shown in Figure 4, it includes a graphical image 11 
constituted by a gif file. In order to obtain the data for the display 11, an 

7: HTTP request is uploaded at step S3 to the server, and corresponding binary 
graphical data is downloaded at step S4. This data is then displayed in region 
11 of the page'? shown in Figure 4. However, this data is not copyright 
protected because the user can save and copy it using the right mouse button 
as previously explained with reference to Figure 2. 

30 

However, in accordance with the invention, region 12 of the displayed page 7 
is copyright protected. The HTML code associated with the page 7 of Figure 
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4 is shown in Code Extract No. 2, below, and references an applet Al at line 
CE2.8. 

Code Extraa No. 2 

} CE2.1 <HTML> 
CE2.2 

CE2.3 <HEAD><TITLE>Company X's Homepage</TITLE></HEAO> 
CE2.4 

CE2.5 <BODY> 

" CE2 7 *° Company X's Homepage with added copyright protection 

« CODE=BTCBrowserApplet.class WIOTH=200 HEIGHT=1S0> 

CE2.9 <PARAM NAME = file VALUE="a_graphicgjr> 
CE2.10 </APPLeT> 

}} CE2.11 <IMG SRC="another oraphic.Qif'><P> 
CE2.12 

CE2'l4 HREf ="another.html">llnk to another web paQQ<lfo 

CE2.15 

30 CE2.16 </HTML> 

The Java bytecodcs for running the applet are downloaded to the client from 
the server 1 to the client 3 at step S6 in Figure 5. The applet Al -is .Me-.n run 

rv^ the .ijep., ^^-inj, .h. .]av« int-^rprc; , ^frK^n tbe -ov^s.: in orJ./ to 
5J ; .ep:ir:? ;.iO%vser to ,.rtcivc dai. U dispiaycJ i- .cgjo- 17 ■ 
webpage, downloaded from the server. 

The data to be displayed in region 12 is cryptograph ically protected so that it 
cannot be readily deciphered, by monitoring the downloaded signals. In this 
30 example, the cryptographic protection includes encryption of the downloaded 
data together with hashing, a5 will be explained in more detail hereinafter. 

The applet A] allows the downloaded file to be decrypted and checked for 
integrity i.e. hash verified. More specifically, the applet Al includes the 
V. following: a hashing algorithm HA, a master hashing key Km„, an encryption 
algorithm EA, an encryption key Ke and a ETC file request. As used herein, 
the term BTC, refers to a file of copyright proteaed data, /or display at the 
browser. 
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The applet Al is run at step S7 on the client computer 3 and at step S8, the 

applet causes a BTC file request to be uploaded to the server 1. 

1 

I 

At step S9, the server performs an authentication step in order to determine 
J whether it is safe to download the requested BTC file to the client. The 
authentication may be carried out in a number of different ways. For 
example, the server may only download the file if the client has made a 
payment, so as i© allow the owner of the copyright of the BTC file to collea 
a royalty for the aa of viewing the file. A micropayment scheme for this 
to purpose is described in our co-pending patent application No. GB 9624127.8 
entitled Transaction System. Alternatively, the client 3 may be known to the 
server m respea of some other service being provided, for example an Internet 
home shopping scheme, and the client's credentials may be authenticated by 
means of procedures already in use for the service. 

IS 

Assiimino th:.t rhr. dienr 5 ps::::^s the -■or.h-.ijt ^.rstion -.:op S9, the s.-iv-i- ..h.-n, 
i ct.:.p .-slO, proi.a.tf-s li;.-: B'j'C i'vle i'o/ Hov/ji], ■ xhe cliL-it 3. 

The step SlO is shown in more detail in Figure 6. At step SlO.l the relevant 
!0 data is fetched. This may comprise graphics data, audio, video, text or an 
other appropriate data format. 

At step S10.2, the data is watermarked. This may involve changing some of 
the bits m the data stream so as to record a pattern which is imperceptible in 

2} the image displayed by the browser 4, when the data is downloaded to the 
client. Watermarking is a well known example of a technique termed 
stegaiiography. For a general review of this technique and digital 
watermarks, reference is directed to "Disappearing Cryptography", P. Wayncr, 
Academic Press 1996 (ISBN ai2.738671-8). Watermarking gives additional 

30 security in the event the proieaed data is copied, because knowledge of the 
source of copying can be determined from the watermark. Thus, if the 
authentication step <step 59) provides the server with a panicular identity for 
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the client, the identity may be watermarked at step S10.2 into the data. 

At step SlO.3, the watermarked data is hashed at the s^rv-er, using a<opy of 
the hashing algorithm HA that was downloaded in applet Al and a fik- 
5 specific session hashing key Ksh- The hashing process consists of using the 
algorithm HA and-the key Ks„ together with the data bits of the encrypt-ed 
data, to form additional bits HV, in the manner of parity bits, that are added 
to the data string. The hashing ensures that sections of data are not removed 
and replaced by others, in order to ensure thai for example a command "pay 
20 U$r is not changed to "pay USSlOO". A suitable form of hashing algorithm 
is SHA which is described in more detail in National Institute of Standards 
and Technology, Federal Information Processing Standards Publication 380-1 
(NIST FIPS PUB 180-1) SECURE HASH STANDARD. 

25 As Step SlO.4 the data is encrypted at the ser/er 1, using a copy of the 

algorithm KA iif}t\ ihe key Kj:T;hIch ?/cre downloaded plev:cu^ly to ih*^ 

: riihm is ih'. -/-S algorithn-i and referencv directed to i;;.c National 
institute of Standards and Technology, Federal Information 
70 Processing Standards Publication 46-2 <N1ST FIPS PUB 46-2) DATA 
ENCRYPTION STANDARD PES). The encryption algorithm AE is 
aaually a pair of algorithms, one of which is used to encrypt and the other to 
decrypt. It will be understood that the key is changed periodically as is 
known to be good praaice in the art. 

7$ 

Then ihe resuhing file, at step Si 0.5 is wrapped in a proprietary BTC file 
formal which itself includes additional cryptographic prot«tion techniques. 

The proprietary BTC file format is shown in Figure 7. The BTC fik format 
JO comprises heacJer information H, and an embedded file EF. The processing 
performed at step SI 0.5 is shown in more detail in Figure 8. 
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The BTC file in step SlO.5 is generated as follows. In step SlO.5.1 partial 
information for the header H is generated. This comprises^ version ntjmber 
for the file format, and any specific copyright protection control information 
CI for the file. 

In step SI 0.5.2 the integrity of all of this information is proteaed by 
generating a hash value HW^^^ using a hashing key HKh^ad- 

In step SIO.5.3 the hashing key used on the header HKhead* and the generated 
10 hash value HV^^^ are both appended to the header H, so as to complete it. 

In step Si 0.5.4 the watermarked, and encrypted file generated in step SlO.4 is 
appended to the header H to form pan of the embedded file EF in Figure 7. 

33 In step SlO.5.5 information which describes the hashing that was performed in 

iicjs SIO.^ is :sppcr:.dt:d 'O rh^ rile Er. This }n{orxi):xiioi\ comprise:; the sorr^f^r 

HKj^t^jijjj and the nash value HTv^ generated in sv;.^ ^10.3 hereinafter referred 
to as HV^^t^jj^j. This completes the BTC file. 

70 

At step Sn (Figure 5) the BTC file is downloaded to the client 3. 

Then, at step S12, the BTC file is processed using the applet Al previously 
downloaded to the client 3. The processing performed at step S12 is shown in 

25 more detail in Figure 9. At steps Sl2.] and S12.2 the integrity of the content 
of the header H is verified. In step Sl2.h using the hashing algorithm HA, 
and the hashirig key used on the header HXh^o (recovered from the header H 
of the BTC file) the hash value H\\^^ of the header is generated. At step 
S12.2 the value is checked against the hash value HV^^ recovered from the 

30 BTC file header H. 

If the result of the check is unsaiisfanory, an error banner is displayed at step 
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S12.3 in the region 12 -{Figure 4) in the window of the browser 4. However, 
if the integrity check is satisfactory, the applet A 1 che<:ks in step Si 2.4 that it 
knows how to process files of the type specified in xhc version number 
recovered from the header 1 of Figure 7. If the result of the check is 
5 unsatisfaaory, an error banner is displayed at step S12.3 in the region 12 
figure 4) in the window of the browser 4. However if the check is 
satisfaaory, the applet Al can make use of the specific copyright protection 
control information CI for the file {present in the header H of Figure 7) when 
processing user requests for data manipulation. 

20 

In step S12.5 the embedded file EF is decrypted using the encryption 
algorithm EA and the key previously downloaded in the applet Al. 

In steps S12.6 and S12.7 the integrity of the content of the decrypted file is 
23 verified as follows. In step S12.6, using the hashing algorithm HA, and the 

h^shinE hey v'led cn the emh^^dded file (rcroverf^d hom the cmbcJde-d f;]^- Er 

vsiue is rh— is. J ..^amst the h; - value HV.^Kc^^^j recoverca fi :-:n ihc 3TC 
embedded file EF. 

20 

If the result of the check is unsatisfactory, an error -banner is displayed at step 
S12.3 in the region 12 {Figure 4) in the window of the browser 4. However, 
if the integrity check is satisfactory, the applet Al can display the content of 
the decrypted file in the region 12 {Figure 4) in the window of the browser 4 
23 in step Si 2.8. 

Thus, if the ETC file contains imsge data, the image is -displayed, together 
with its imperceptible watermark, in the region 12 of webpage 7 shown in 
Figure 4. The user cannot save or copy the image data. Because the Java 
3C enabled browser is running an applet for the image data in region 12, tbe 

funaions of the right mouse button are disabled for region 12. Therefore, if 
the user clicks the mouse wMth the right button, no menu option is 
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automatically provided for saving, copying or printing the displayed data in 
region 12, The right mouse button funaion is disabled according to usual 
Java operation for applets as previously described. The user 'could operate the 
print button 5 of the browser 4 but this would only print a low quality image 
5 and would not permit the digital data that comprises the image 12 to be 
recovered .for the purpose of providing a high quality copy. " 

Funhermore, if the downloaded BTC file is cached in the browser, it will be 
cached in its cryptographically protcaed form so that making copies of the 
10 cached file does not permit access to the downloaded data in the BTC file, 
unless substantial code breaking aaivities are fraudulently undertaken by the 
user. 

It will be understood that no copyright protection scheme can ever be 
/; completely successful because when a copyright work is presented to a user, 

xh' Y v/iil hnv/» :2n C'"'" ':ni?.r.iT.y to c^ioy it. Tltc* "^-Vir-'-^iSit o? rhc ore.''.>':.:;r .'ch'^.njr; 
hc?/';ver, h md.z c^-y of t^. i:::'-.\^i^y ^•?m in Mispe».: cJ th:, 

copyright protcaed rvcrk, y---^^- aive than ihc effort of breaking the 
protection regime provided by the invention. An analogy can be drawn with 

20 copying pages of a book with a photocopier. In theory, it would be possible 
to borrow a book and then photocopy all of its pages. However, in practice, 
this is very inconvenient and it is probably easier to purchase another copy of 
the book. Similarly, in the described example of the invention, it is simpler 
to pay for viewing of the copyright work than spending time breaking the 

73 copyright proteaion scheme. 

Many modifications and variations fall within the scope of the invention. For 
example, the running of the applet Al may be modified according to the 
downloaded copyright control information CI in order to provide a restricted 
JO set of functions when operating the right mouse button on the display area 
12. For example, operation of the right mouse burton on the display area 12 
may optionally provide a drop down menu which offers the user a copyright 
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notice giving details of the copyright owner of the displayed image. 

Also, the menu may offer an option to save the document in an unprotected 
format upon payment of an additional larger fee than that paid to view the 
s image initially. 

Considering the applet Al downloaded at step S6 in Figure 5, it may not be 
necessary to include the encryption and hashing algorithms EA and HA for 
every downloading operation. It is preferable, but not essential thai the 
10 algorithms are kept secret, so that they could be pre-loaded onto the client 
computer, and held in a data file on its hard disc. 



If the server 1 knows the identity of the client 3, at the time of requesting the 
applet Al, individual encryption and hashing keys can be downloaded in the 
15 Java b>tecodes A], at step S6. The embedded EF file in Figure 7 can ihenhe 

onciyptcfi and hashed ucing ihc individual ktys, spcrcific to tn.-; client 5, wh^ro 

specific to jh.: ^.j- nt 3, in^provKs securir'/. 

30 An example of how an individual key can be provided, will now be described 
with reference to Figures 10 and 11. Figure 10 illustrates an initial registration 
procedure by which details of the client 3 are made known to the web server 
1. At step Rl, the client 3 contacts the web server 1 with a request to 
become registered for the copyright protection scheme. The web server 1, at 

2} Step R2 provides the client with a program referred to herein as a dogtag. 
The dogtag is typically provided on a compan <5ptical disc <CD), possibly in 
combination with other software, e.g. for shopping over the Internet or s 
micropaymem scheme. By sending the CD through the postal service to a 
specified address, there is reasonable certainty that the diem machine which 
30 runs the dogtag corresponds to the user who requested it. The CD may also 
include the encryption and hashing algorithms EA and HA which can be pre- 
loaded onto the client's hard disc. 
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At step R3, the dogtag program is run in order to provide a machine 
Ideniification code {MID) which provides a substantially unicjue identification 
of the ch'ent. The dogtag program scans the client computel- both in terms of 
its hardware and software. Examples of charaaerisiics of the client which can 
i be used to form the MID are as follows: 

The physical components of which the computer comprises (size of 

memory, presence of CD drive) 

Characteristics of the physical components (manufaaurer, number of 
tracks on a hard disc) 
^0 Location of static information on a hard disc (bad sectors) 

Location of long lived files on a hard disk (operating system 
executables) 

Operation characteristics 

Logical directory and file struaures ' 

Files specifically created to identify the machine 

^dentificatic;; number of h: :c .. :u-e, e.g. hard disc. 

20 For added security, the dogtag can only be run once for registration purposes. 

At step R4, the MID is uploaded through the WWW 2 to the web server 1. 
At step R5 an individual cryptographic key K, is embedded together with the 
MID in the bytecodes of the Java applet which is then downloaded at step R6 
75 to the client 3 and is stored on the hard disc thereof at step R7. The 

individual key Kj aaually comprises a set of keys, individually provided for 
each client 3 for use in hashing and encrypting as previously described. 



Referring now to Figure 11, this shows how the authentication step, step S9 
30 in Figure 5, can be performed, subsequent to the registration procedure of 
Figure 10. 
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At step Ql, the dogtag program is used to produce a current MID. This is 
compared, at siep Q2, with the MID stored on the hard disc of the diem at 
step R7, during the registration procedure. If the MIDs are the same, the 
current value of MID is sent at step Q3 <o the web server 1. 

At step Q4, the web server 1 generates a challenge consisting of a random 
number, RAND, which is transmitted toihe client 3. Then, at step Q5. the 
client computes RESPONSE as a cryptographic funaion of the MTO, the 
challenge RAND and the stored individual cryptographic key K,. 



10 



At step Q6. the RESPONSE is sent to the web server 1 through WW 2. 
Meanwhile at step Q5, the web server also generates a response, namely 
RESPONSE* in the same was as performed by the client 3. At step Q7 the 
RESPONSE is compared with RESPONSE' and if they c<3rrespond, the client 
» has been successfully authenticated. In this situation, the BTC file can be 

H-wnlcded, ,s .ho^n .t .i:cp. S\0 .nd SH in Fig.,re 5, using -ndividu.! keys. 

.... .'ir. •.•::.m. rpcyyyfiori -ii.; MacJvTjg. The k''.ys i.^ed nx./ b-i 
c^.sion keys, ger-crated iron-, ^-y matches and r. batch number. 

20 Other forms of authentication can be used. For example, a smart card can be 
used in the manner of a SIM card used with GSM mobile telephones, in 
combination with a SIM card reader connected to the diem 3. This has the 
advantage that the identity of the user is monitored rather than the identity of 
the cliem computer, so that the user can move from machine ^o machine and 

3S Still use the service. 

Referring again to Figure 3, the web server ] is illustrated as having differem 
funaional blocks 13. 14 and 15. Block 13 performs the cryptographic 
processes associated with steps SlO.3 and SlO.4 of Figure % block 14 performs 
so the watermarking processes described with reference to step SlO.2 and block 
15 performs the other processes. In some situations, it may be convenient to 
provide separate cryptographic servers and watermark seivere so that the 
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provision of keys and watermarking can be performed as a separate service to 
a number of different web servers. 

I 
I 

Whilst the described example of the invention uses the Java programming 
5 language, it will be understood that other hypermedia languages may be used, 
for example Aaive X and OLE. 

The registration and authentication procedure described with reference to 
Figure 10 and 11 may also be used for other authentication processes.in which. 
70 a client is required to register with a web server. Thus, this procedure could 
be used for processes which involve other data transfer regimes between the 
client and server in which a registration and authentication is needed. 



I 
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Claims 

1. A method of copy proteaing data sent from a server to a. client for 
} presentation to a user, comprising: 

cryptographically proteaing the data; ' 
sending the cryptographically proteaed data to the ch'cm; and 
seleaively comrolhng copying fonaions of the diem in respect of the data 
whilst the data is being held by the cliem in a form suitable for presentation 
10 to the user. 

2. A method according to claim 1 wherein the data is proteaed by 
encryption. 



A method according to claim 1 or 2 wherein the integrity of the data is 



n 3. 

protected cryprogrnpiiically 



A me- r.od according to claim 3 w- n the integrity of the data is 
achieved by iiashing. 

30 

5. A method according to any preceding claim induding authenticating 
that the client is permitted to receive the data. 

6. A method according to any preceding daim induding identifying the 
2i dient to the server before the data is sent to the dient. 

7. A method according to any preceding daim induding: 
downloading a program object to the client, 

running the program obiea on the diem such that a request is uploatled to 
30 the server for ^ file containing the cr^-ptographically proicaed data, 
downloading the file to the client, and 

rendering the cr>'ptographically protected data in an unprotected form suitable 
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for presentation to the user, 

the program objea being operative such that no, or r«triaed, copy or save 
funaions are offered to the user in respect of the downloaded data in its 
unproteaed form. 

5 

8. A method according to claim 7 including downloading a message 
concerning a webpage wherein the message Includes information concerning 
the program object, and uploading a request for the program objea in 
response to said information in the message. 

JO 

9. A method according to claim 8 wherein the message is in HTML code. 

10. A method according to claim 8 or 9 wherein the program object 
comprises a Java, Active X or OLE applet. 

11. A. ;^:icihcd acccrdiue vo -Mxy one of o)::inis 7 vo 10 wherein the rni«^sf:HS^e 

12. A method according to any preccdii;g claim wherein the data is sent to 
20 the client from the server through a network. 

13. A method according to claim 12 wherein the network comprises the 
World Wide Web. 

2; 14. A method according to any one of claims 7 to 10 wherein the program 
objea includes data concerning a cr>'piographic key, and including using the 
key to render the downloaded crypt ographically proieaed data into an 
unproteaed form suitable for presentation to the user 

JO 15. A method according to any preceding claim wherein the server and the 
client each hold data corresponding to a cryptographic key and a machine 
Identifier for uniquely identifying the client, the method including: 
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sending a challenge to the diem, such that it generates a signed response as a 
cryptographic funaion of the key and the machine identifier held therein, 
generating from the cryptographic key and machine identifier held associa^d 
with the server, a corresponding signed response as a cryptographic ^unction 
3 of the key and the machine identifier, 

comparing the signed responses from the client and the server, and if they 
correspond, performing the encryption with the key, 
and performing the decryption at the client with the key. 

70 16. A method according to any preceding claim wherein the data is 
steganographicaily marked. 

17. A method according to any preceding claim including registering the 
client with the server. 



J5 



IS. A nievhcd ^ccoidirg ro nny prcreding cUJns inciucim;: 
.■:..er.';:f:::i2s a >-.;....h:ne id-n^ 'i-v: rhr dir.r.t by ^ivAy^n^ Vet h^K^ :.r^r^. 
and/ or \rs software coiiiigurationj 
transmuting the machine identifier to the server, 
20 combining the transmitted machine identifier with a cryptographic key to 
form a unique determinator for the client, 

transmitting the unique determinator to the client, to be stored therein for use 
subsequently in identifying the client to the server, to permit encrypted data 
to be downloaded thereto from the server. 



25 



19. A server configured to perform a method as claimed in any preceding 
claim. 



20. Initiation by the client, of the downloading of copy protected data by 
JO a method according to any preceding claim. 

21, A copy protected data stored on the client by a method according to 
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any preceding claim. 

22. A method of downloading encrypted data from a server to a client, 
including: 

5 registering the client with the server by 

determining a machine identifier of the client by analysing its hardware 
and/or its software configuration, 

transmitting the machine identifier to the server, 

combining the transmitted machine identifier with a cryptographic key 
10 to form a unique determinator for the client, and 

transmitting the unique determinator to the client, to be stored therein 
for use subsequently in identifying the client to the server, to permit 
encrypted data to be downloaded thereto from the server; 
subsequently identifying the client to the server on the basis of the unique 
2i determinator; and then 

ric~.-/niGr;din<^ dwca cncr/pted by mer^ns of ihn cryptcgrsphic key to 'the 

hrCi c;...;/t. h^i = * xn -jt on by c};:;;;--. Msin^ 'dm kw*' from iiD'-n"'.'- 
dcterminiitor, 

30 23- A method according to claim 22 including decrypting the downloaded 
data at the client using the key from the unique determinator. 

24. A method according to claim 22 or 23 wherein the client is identified 
to the server by again determining the machine identifier for the client, 
25 comparing it with the machine identifier included in said unique determinator, 
and signalling to the server on the basis of the outcome of the comparison. 

25- A method according to claim 22, 23 or 24 including authenticating the 
client to the server prior to downloading of the encrypted data. 

30 

26. A method according to claim 25 including generating a challenge, 
generating a response as a predetermined cryptographic funaion of the 
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cr>'ptographic key for the client as heW by the server, and as a function of the 
key included in the unique determinator storecJ in thedient, and 
authenticating the client on the basis of the outcome of the comparison. 

; 27. A client configured lo perform a method as claimed m any one of 
claims 22 to 26. ' 



BN'SDOCtO; <WO_9&«=40EA1.L> 



wo 98/44402 



PCT/GB98/00808 



1/8 




SUBSTITUTE SHEET .<RULE 26) 



Wd 98/44402 



PCT/CB98/00808 



L 



2/8 5 



^edn \ view* \ po jiavoniea | netp \ 



Back 



Stop 



refresh 



home >earch 



T 



Print 



address£ 



Welcome to Company X's Homepage 

8 



graphics display 






ft»V» 






1 





9 



link to another web page 
10 \ 



S 



V 





Hig. 2 (^'n or Art) 



p5r- . Jd 


i vie\V 1 90 1 ir.c;p ~| / | 




Back 


fcyward 


Stop 




refrest 


home 


seard 


1 


— J — ■ 
Print 







address] 



Welcome to Company X's Homepage 
with added copyright protection 



11 



Copyright 
protected 
document 



graphics display 



12 




link to another web page 
10 N 



Fig. 4 



SUeSTlTUTE SH€€T <RULe 26) 



wo 98/44402 PCT/GB98/00808 



3/8 




2 



/ \ 



client computer 

Java 'applet 



SUBSTITUTE SHEET (RULE 26) 



BNSDOCID: «WO 984*-«02A VL> 



wo 98/44402 



PCTyGB98/00S08 



Web server 1 



S7 

1 
I 
I 

sek- 



Client 3 



sii^ 


HTTP request for web page 




1 
t 
1 
1 

S2 


reply: HTML code for webpage 




1 
1 
1 

S2k 


HTTP request for gif. file 


— H 


t 
1 
• 

S4 


binary data 


— >j 


1 

t 

S5< 


request for applet 




! 
t 


-: ....iload appir' Iryiecodes 


'S,* 



BTC file request 



S9 authentication 



si;o 



Sl!l 



prepare BTC file for downloading 
download BTC file 



S12 



run applet 



Fis. 5 



process BTC file 



SUBSTITUTE SHEET <RUL€ 26) 



SN'SDOCIO: cWC: 96*4tz02Al.l_> 



wo 98/44402 



PCT/GB98/00808 



5/6 



step SIO 



S10.1 



S10.2 



S10.3 



S10.4 



get file 


\ 


/ 


watermark file 


N 


/ 




sigorithm HE 


encr 
E' 


ihm 



-.10.5 



wrap file 



go to step S11 



SUBSTITUTE SHEET <RULE 26) 



BNSDOCID: <WO_9B*a402A1.L» 



wo 98/44402 



PCT/GB98/00808 



^/8 



BTC file format 



header information 
^ 



H 



embedded Tile information 



Step SI 0.5 



put into header: 

1. version number 

2, specific control options (CI) 


> 




1 generate HV 

! he 

i 
i 


! 




put HK & 

head 
into header 


HV 
head 






write watermarked and encrypted 
file into EF (Fig. 7) 






write HV 

embedded 

and HK 

5 embedded 
to EF (Fig. 7) 



S10.5.1 



S10.5.3 



S 10.5.4 



S10.5.5 



Fig. 7 



Fig. 8 



€U8SHTUT€SH£€TKRULE2-6) 



•O: «WO &6^^^2A1 t > 



wo 98/44402 



PCT/GB98/00808 



7/8 



Fig. 9 



S12.3 



display error 
banner 



N 



N 



step SI 2 

generate HV 

head' 
using HA & HK 



head 




generate HV 

embedded' 
using HA & HK 

embedded 




display file 



S12.1 



S12.2 



S12.4 



Si 2.5 



SI 2.6 



S12.7 



S12.B 



SUBSTITUTE SHEET <RULE 26) 



wo 98/44402 



PCT/GB98/00808 



Registration 
Web server 1 



fi/8 



Client 3 



R2- 



R3 

r4- 



initial access 



supply dogtag CD by mail 



upload MID 



f^5 Embed individual cryptographic key 
; and MID in applet 

download applet bytecodes 
R6 



RT! 



execute Dogtag 
to provide MID 



Fig. 10 



Store applpt in client 



AVeb server 1 



Client 3 



Q1 
Q2 

03 



use dogtag to compute current MID 

t 

compare current MIDv/ith version on hard disk 
If current MID=sto^ed MID. upload to server 



upload MID 



generate random number 
cha*lienQe = RAND 

download RAND 

OA 
05 



'generate RESPONSE" 



06 
Q7 



generate R€SPONSE 



upload -RESPONSE 



successful authentication if RCSPON 

t 

SUBSTITm€ SHE€T^flULE 28) 



. Fig. 1 1 



INTERNATIONAL SEARCH REPORT 



InteriK •'nsi Application No 

PCT/45B 98/00808 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 6 G06F1/00 H04L29/06 



According to intemetionat Patent Cia&sificaiiondPC) or to tx>th nationel daEsiticetion end IPC 



B. FIELDS SEARCHED 



Minimum documentation searched (class itication system followed by classification symbols) 

IPC 6 606F H04L 



Documentation searched other than minimum documenialion lo the extent that such documents are included In the fields searched 



Eiearonic data base consulted during the international search (nanne of data base and. where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category • 



Citation of document, with indication, where appropriate, ol the relevant passages 



Relevant to claim No. 



wo 94 07204 A (UNILOC CORP PTY LIMITED 

; UNI LOG SINGAPORE PRIVATE LIMIT (SG); 

RICH) 31 March 1994 

see abstract; figures 2,3,7-9 

see claims 1-30 



22,23, 
25,27 



15,17-19 



c:--;iis 1-9 



-/-- 



[ X I Further documents are listed in the continuation of box C. 



Patent family memt>ers ate listed in annex. 



• Special categories ot ciieo oocumenic : 

'A* oocumeni detining me genefsl siete of the an which is not 
considered to be of pantcuiar reievancr 

*E* earlier document but publisheo on or etier the iniernationai 
filing date ' 

■L' document which may throw doubts on priority claim(s) or 
which is cited to esiabfish the publication date of another 
citation or other special reason (as specified) 

*0' document referring to an oral disclosure, use. eyhibhion or 
other means 

•P' document published prior to the iniemationat tiling date but 
later than the pnority dale claimed 



*T' later oocumeni published after the imernationat filing date 
or priority date and not in conflict with the applicaiibn but 
cued to linoersiand the principle or theory unoerlyit^ the 
invention 

document of panicular relevance: the claimed invention 
cannot be considened novel or cannot be considered to 
involve an inventive step when the document is taken alone 
*Y* document ot particular relevance: the claimed invention 

cannot be considered to involve an inventive step when the 
document is combined with one or more other such docu- 
ments. such combination beirtg obvious lo a person sicifled 
in the an. 

*&" document member of the same patent family 



Date ot the actual completion of theiniernational search 



23 June 1998 



Name and mailing adoress of tr^e ISA 

European Patent Office. P.B- S8l8'PetehtliBah 2 
NL . 2280 HV Riiswijk 
Tel. (+31-70) 340-2040. Tx. 31 65l epo nl. 
Fax: (^1-70) 340-301E 



Form PC1/)SA/?10 (»eoona shmI] fJuiy 1982} 



Dale of mailing of the international search repon 



01/07/1998 



Authort2ed officer 



Powell, 0 



RM<mCID: <WO 9&C4402A1 I > 



page 1 of 2 



INTERNATIONAL SEARCH REPORT 



•ntern. ^al AppHcatlon No 

PCT/€8 98/00808 



C.(Conimuatlon) DOCUMENTS CONSIDERED TO BE RELEVANT 



Caieyoiy 



Ciietion ol Document, with mdicalion.wheie appropriate, ol the relevanl passages 



DEAN D ET AL: "JAVA SECURITY: FROM 
HOTOAVA TO NETSCAPE AND BEYOND" 
PROCEEDINGS OF THE 1996 IE£E SYMPOSIUM ON 
SECURITY AND PRIVACY, OAKLAND, CA. , MAY 6 
- 8. 1996, 
no. SYMP. 17, 6 May 1996, INSTITUTE OF 
ELECTRICAL AND ELECTRONICS ENGINEERS, 
pages 190-200, XP000634844 
see page 190, right-hand column, line 3 - 
page 192, left-hand column, line 5 
see page 194, right-hand column, last 
paragraph - page 196, left-hand column, 
paragraph 1 



"JAVA, THE WEB, AND SOFTWARE 



YOURDON E: 
DEVELOPMENT' 
COMPUTER, 

vol. 29, no. 8, August 1996, 

pages 25-30, XP000632764 

see page 28, left-hand column 

EP 0 718 761 A (SUN MICROSYSTEMS INC) 26 
June 1996 

see abstract; figure 3 

see page 5, line 24 - line 35 



W L i 



Relevant lo clain No. 



1-13,21 



1-13,21 



1.7.8 





IBM SYSTi:^iS vjCi;R:MAL, 
vol. 35, no. 3/04, 1996, 
P^QSS 313-335, XP000635079 
see abstract 


1 


A 


LEWONTIN S: "THE DCE WEB TOOLKIT: 
ENHANCING mi PROTOCOLS WITH LOWER-LAYER 
SERVICES" 

COMPUTER NETWORKS AND ISDN SYSTEMS, 
vol. 27, no. 6, 1 April 1995, 
pages 765-771, XP000498084 




A 


MCGRAW G ET AL: "JAVA SECURITY AND TYPE 

SAFETY" 

BYTE , 

vol. 22, no. 1, January 1997. 
page 63/64 XP000679974 








A 

form PCT/lSAd 


HAMILTON M A: "JAVA AND THE SHIFT TO 

NET-CENTRIC COMPUTING" 

COMPUTER, 

vol. 29, no. 8, AuQUSt 1996, 
pages 31-39, XP000632765 





BNSDOCIO: <WC e64A402A1 1 > 



page 2 of 2 



INTERNATIONAL SEARCH REPORT 

Inlormstlon on patent family members 



Psieni aocument 
cited in search report 



Publication 
date 



Intetn. .onal Application No 

PCT/6B 98/00808 



Patent tamily 
members) 



Publication 
date 



WO 9407204 



31-03-1994 



AU 
AU 
CA 
.CN 
EP 
NZ 
US 



678985 B 
4811393 A 
2145068 
1103186 
0689697 

255971 
5490216 



A 
A 
A 
A 
A 



19-06-1997 
12-04-1994 
31-03-1994 
31-05-1995 
03-01-1996 
26-05-1997 
06-02-1996 



US 


5235642 


A 


10-08-1993 


EP 


0580350 A 


26-01-1994 










OP 


6202998 A 


22-07-1994 


EP 


0718763 


A 


26-06-1996 


US 


5630066 A 


13-05-1997 










JP 


8263447 A 


11-10-1996 



form PC1/1SA«10 ipaicni family »nn«ir) (July 1992) 




I 



THIS PAGE BLANK (uspto) 



1 



